There’s a reason why you’re always hearing warnings about the need to employ better cybersecurity: The problem of cybercrime just keeps growing.
The most current data from the Association for Financial Professionals (AFP) indicates that 82% of companies were targets of payments fraud last year, with most of the growth in such fraud coming from various types of cyberattacks. What’s more, the 2019 AFP Payments Fraud and Control Survey results reveal that payments fraud activity has been rising steadily since 2013.
An insidious and growing challenge
October is National Cybersecurity Awareness Month, a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. It’s a great reminder to all business owners and financial managers that, due to these recent trends, combatting cybercrime should be a priority.
Given the potential for both financial loss and reputational damage, a company’s success — indeed, its very survival — could depend upon the attention that its owners and financial executives pay to this insidious and growing challenge.
Understand the threats
Understanding the dangers is a good place to start.
Most cybercrime involves social engineering schemes and/or malware. Both have been around for years but continue to evolve.
On the social engineering front, business email compromise (BEC) attacks are particularly widespread. In a typical BEC scam, a fraudster sends an accounts payable employee an email purporting to be from one of the company’s executives, often the CEO or CFO. The email directs the employee to initiate a funds transfer to a bank account controlled by the criminal. Results from the 2019 AFP survey show the percentage of organizations targeted in BEC scams increased from 64% in 2014 to 80% in 2018.
Meanwhile, criminals are tirelessly working various angles to inject malicious software, or “malware,” into business networks to initiate costly corporate account takeover and ransomware attacks.
Addressing cybercrime requires a comprehensive effort. At Hancock Whitney, we recommend four key steps:
▪ Defend your business. This step involves establishing a commitment to cybersecurity at the executive level of your organization.
▪ Secure your process. Cybercriminals are exploiting the growing emphasis on speed in today’s payments environment. As an organization, you need to focus more on security than speed. To avoid BEC scams, for instance, train employees to double-check information before releasing payments. The mantra should be: Verify, review, release.
▪ Educate your staff. Your employees are your first and best line of defense against cybercrime. So develop an “employee firewall.” Train employees to secure their devices against unauthorized access, keep company data secure, know the red flags that should alert them to fraud, and use complex passwords.
▪ Protect your banking assets. Work with your bank to protect your assets by adding layers of security. Utilize online banking to keep a daily eye on your transactions, and implement tools like ACH Positive Pay and Trusteer Rapport online security software to thwart fraud attempts.
How your peers are responding
So how are others addressing today’s cybersecurity challenges? In our recent Economic Pulse Survey, we asked business leaders across the Gulf South to tell us all the different ways they're defending themselves against cyber fraud. Here are the top defenses they reported implementing:
Partner with us
At Hancock Whitney we want to be your partner in the battle against cybercrime. I urge you to review the information provided on our cybersecurity awareness web page. I also recommend that you reach out to your banker to learn the best strategies for protecting your business — and take advantage of our banking solutions that can help.